The VP of Engineering Told the Team to Grant Access Now and Sort Out Export Classifications Later. A Senior Engineer Has His Directive — and a Foreign-National Teammate Who Needs the Controlled Technical Package Before the Design Review. No Border Will Be Crossed. Is It Still an Export?

Quick Answer

Can a manager’s directive to “grant access now and classify later” authorize releasing controlled technology to a foreign-national employee, and does following that directive protect the engineer who grants the access?

No. A manager has authority over engineering priorities. A manager has no authority to defer an export control or to authorize the release of controlled technology to a foreign national. Under the Export Administration Regulations, releasing controlled technology to a foreign national is a “deemed export” to that person’s country of nationality — completed the moment access is granted, with no shipment and no border required.

The engineer who grants access on the strength of the VP’s email is not protected by it. The email does not transfer export authority — it documents that the organization was aware and proceeded anyway. The correct response is to hold the access, route the request to the export compliance function or Empowered Official, and let them make the classification and licensing determination before anyone shares the package.

Pressure 1 — Authority

“The VP put it in writing. Granting access is following the authorized direction from someone above me in the chain.”

Pressure 2 — Deadline

“The design review is in three weeks. If the working group can’t see the package, the whole Helios milestone slips.”

Pressure 3 — Proximity & Relationship

“He has sat three desks from me for two years. He is my teammate, not a foreign threat. Of course, I trust him with this.”

Pressure 4 — “No Border” Rationalization

“Nothing is being shipped overseas. No border is crossed. This is internal collaboration between two employees — not an export.”

The Leader’s Moment — The Directive

Daniel Reyes is VP of Engineering on Project Helios, the company’s flagship flight-control program. The final design review is three weeks out. It is the moment the program proves itself to the customer and to senior leadership.

There is a bottleneck. Every controlled technical file needs export sign-off before it can be shared, and sign-off is running two weeks behind. The working group cannot see the full Helios technical package, and the review is slipping.

On a Tuesday afternoon, Daniel emails the team lead, the program manager, and the working group: “We can’t keep waiting two weeks for export sign-off on every file. Give the working group access to the full Helios technical library now, and we’ll true up the classifications after the review. I’m accepting the timeline risk. Please proceed.”

Daniel believes he is making a normal program decision. He has accepted program risks before. He does not understand that an export sign-off is not a process he can defer, and that “grant access to the full library” may authorize releasing controlled technology to foreign nationals on the team — a decision that is not his to make.

The Engineer’s Moment — The Access Grant

Sera Lindqvist is the senior engineer who owns the shared Helios technical library. Daniel’s email landed at 4:51 pm. Her teammate, Arjun, needs the controlled subsystem package to finish his part of the design review by Friday.

Arjun has been on the team for two years. He is one of the strongest engineers in the building. He is also a foreign national on an H-1B visa, and his country of nationality is one whose classification is restricted without a license.

Sera could add Arjun to the library in two minutes. She has the VP’s written authorization in her inbox. She half-remembers a phrase from annual training — “deemed export” —, but it was about shipping things overseas, and Arjun sits three desks away. This is internal. No border. No shipment.

She is deciding before the end of the day. She knows three things. The VP’s email gives her cover. The deadline is real. And she is not actually sure whether sharing controlled technology with a foreign-national colleague in the same office is allowed — she has never had to find out.

The Compliance Officer’s Moment — The Audit, Ninety Days Later

Maya Okonkwo is the company’s Empowered Official for export compliance. A routine access audit flags the Helios library. She pulls the thread, and the picture widens fast.

Sera granted Arjun access the night Daniel’s email arrived. The directive was sent to the entire working group, and two more foreign-national contractors were added to the controlled folders that same week. A recorded design review call was walked through the controlled subsystem details with all of them present. The release is complete and cannot be recalled.

Maya also sees the deadline trap. Arjun and Sera are the only two people who fully understand the controlled subsystem. The customer review is now days away. Pulling Arjun off the program protects the classification, blows the milestone, and raises the question of why the company is restricting one engineer based on nationality.

Maya is deciding what to recommend to leadership. She knows the violation has already happened, that a voluntary self-disclosure is the single biggest mitigation lever available, and that the way she handles Arjun’s access could trade one legal problem for another.

Choice A. Send the directive as written. He has program authority, the timeline is fixed, and deferred remediation is standard practice. Classifications get trued up after the review.

Choice B. Escalate the sign-off bottleneck to the Empowered Official and the program sponsor before issuing any access direction. Treat export sign-off as a gate, not a deferrable step, and brief leadership on the timeline risk honestly rather than engineering around it.

Choice C. Grant library access only to team members he believes are “US persons,” and have everyone else work from redacted materials — making the US-person and classification calls himself to keep the review on track.

Choice A. Grant Arjun access per Daniel’s directive. Document that she flagged nothing because the VP authorized full-library access, and proceed with the deadline.

Choice B. Hold the access. Route the request to export compliance for a deemed-export determination — is the technology controlled, does Arjun’s nationality create a restriction, is a license or license exception available — before sharing anything. Do not grant access until compliance confirms it is permissible, regardless of the VP’s email.

Choice C. Share only the parts she judges to be non-controlled and grant Arjun access to those, keeping the sensitive technical detail back — deciding herself what is and is not controlled, without involving compliance.

Choice A. Remediate quietly. Tighten the access settings, counsel Daniel privately, close the audit finding internally, and avoid overreacting to what was an honest mistake under deadline.

Choice B. Convene General Counsel, HR, and program leadership. Preserve the records, scope the full extent of the exposure, and assess a voluntary self-disclosure to BIS with counsel. Base any change to Arjun’s access on the technology’s classification and license requirement applied consistently to everyone — not on a unilateral, nationality-based removal — with HR and counsel in the room.

Choice C. Immediately revoke Arjun’s access and pull him off Helios pending review, then deal with disclosure and scope later. Contain the obvious exposure first and sort out the rest afterward.

The Right Calls

For Daniel: Choice B — escalate the bottleneck, treat export sign-off as a gate.

Choice A is the category error: Daniel treated an export control as a program risk within his authority to accept. It is not. A VP can reprioritize engineering work; a VP cannot defer an export sign-off or authorize the release of controlled technology to foreign nationals. Choice C is worse than it looks — Daniel is now personally making US-person and classification determinations he is not qualified to make, and doing it himself invites a discrimination problem on top of the export one. Choice B costs him an uncomfortable conversation with the customer about the timeline. That conversation is far less costly than an enforcement matter that opens with a VP’s email saying, “true up the classifications later.”

For Sera: Choice B — hold access, route to export compliance for a determination.

Choice A is the most dangerous option. The VP’s email does not transfer export authority to Daniel and certainly does not transfer it to Sera — it simply records that she was directed and proceeded. Granting access completes the deemed export the instant Arjun can open the file. Choice C is the trap from the desk-level scenario: Sera is making a classification call she is not qualified to make. Her job is to recognize the trigger — controlled technology, foreign-national colleague, and route it. Recognition and routing is the whole behavior.

For Maya: Choice B — convene counsel, HR, and leadership; scope it; assess self-disclosure; apply access rules consistently.

Choice A under-reacts. A quiet fix leaves a systemic exposure unscoped and forfeits the mitigation a voluntary self-disclosure can earn. Choice C overreacts in the most expensive direction: a snap, nationality-based removal of one engineer can create an anti-discrimination problem under U.S. employment law, while still leaving disclosure and scope unaddressed. Choice B is the only path that treats the violation as the multi-function decision it is — legal exposure, regulatory disclosure, personnel action, and scope — and keeps access decisions anchored to the classification and license requirement applied to everyone, not to one person’s nationality.

A manager’s authority covers program priorities — not export controls.

Risk-acceptance frameworks create the trap. Daniel has accepted program risks before, with a process and a template. The problem is the category. Engineering priorities live inside his authority. Export sign-off and the licensing of controlled technology do not — they are set by regulation and held by the Empowered Official. A directive does not transfer, waive, or defer that. It just creates a record.

“No border crossed” is the most common misconception about deemed exports — and the release is already complete.

The word “export” implies a shipment. Under the EAR, “release” of controlled technology includes any disclosure to a foreign national—in person, on a call, or via a shared drive. The moment Arjun opens the file, the export has occurred. There is no shipping manifest to stop, and no way to take it back.

Following a written directive is not a defense — it is documented awareness.

The VP’s email feels like a cover. It is the opposite. It records that the team knew that controlled files were being shared without sign-off and proceeded anyway. The same logic reaches the engineer: proceeding on the directive documents that Sera acted with the trigger in front of her and routed it nowhere.

The personnel decision sits between two bodies of law.

Export law can require restricting access when the classification and the employee’s nationality demand a license that the company does not hold. U.S. anti-discrimination law penalizes employers who over-restrict based on citizenship or national origin. A snap, nationality-based removal can trade an export violation for a discrimination one. The decision belongs to compliance, HR, and counsel together — anchored to the classification and license requirement, applied consistently, not to a single employee’s nationality. (This tension is real and has produced enforcement settlements; confirm the specifics with your own counsel for any live matter.)

Companion — Desk Level

The Deemed Export Recognition Scenario →

An engineer shares controlled documentation with a foreign-national colleague three desks away. The recognition-and-routing version, for technical staff.

Export Controls

Conference Transfer →

A technical rep shares product specs at a trade show. “Everyone does this — it’s just marketing.”

Browse the Cluster

All Export Controls & Sanctions Scenarios →

Distributor red flags, controlled-technology transfers, sanctions screening, and the routing behaviors that prevent violations.

Compliance Reinforcement Kit — Leadership Facilitation Guide

Running This Scenario as a 20-Minute Leadership Discussion

This guide is for the leader or facilitator running the discussion. No export-law expertise required — the format follows five steps, and the answers are above.

Step 1 — Read the Situation (3 min)

Read all three moments aloud — the Leader’s, the Engineer’s, and the Compliance Officer’s. Ask the room to sit with it for sixty seconds before anyone speaks.

Step 2 — Name the Pressure (3 min)

Ask: “Which of the four pressures would be hardest for you to push back against — and why?” Most leadership groups name Authority and Deadline. The “no border” rationalization usually gets defended as common sense, which is the exact trap.

Step 3 — Show of Hands (2 min)

Ask for a show of hands on Sera’s choices — A (grant on the VP’s directive), B (hold and route), or C (share only what she judges non-controlled). Choice C often draws support because it feels like a reasonable compromise. Use that to open the discussion.

Step 4 — The Right Answer and the Key Concept (5 min)

The answer is B at all three seats. The concept to land: a directive cannot transfer export authority, and granting access completes the release the moment the file can be opened. If the room pushes back with “but the VP authorized it,” the response is: “He has program authority. He doesn’t have the authority to release controlled technology to a foreign national. Those are different things.”

Step 5 — The Key Question (7 min)

Ask: “Has anyone here ever treated an export or compliance sign-off as a bottleneck to route around under deadline pressure?”

This shifts the scenario from hypothetical to a real read on your organization. The follow-up if the room goes quiet: “What would have to change about how we handle sign-off bottlenecks for the team to escalate instead of route around them?”